KUALA LUMPUR – The Covid-19 Vaccine Supply Access Guarantee Special Committee (JKJAV) website’s Cloudflare setup may be the culprit behind today’s technical glitches as Malaysians rushed to book their appointments for the AstraZeneca Covid-19 vaccine.
IT expert Ashvin Menon told The Vibes that the JKJAV website possibly was not set up to handle unusually high traffic and that Cloudflare assumes a high level of traffic is unwelcome visitors.
According to Cloudflare, it provides services to increase the security and performance of its client websites.
“My theory, although I cannot confirm this, is that the site’s Cloudflare setup was not set to handle unusually high traffic. It assumed this level of traffic was unwelcome visitors (spammers, DDOS, etc) and quickly acted to shut things down,” he said.
He added that Cloudflare has options to specifically handle unusually high web traffic.
“It’s just a matter of setting it up.”
Deleted the parent tweet about API authorisation. That error would have been caused by this, most likely. Kalau tak no one would have been able to see the PPV list at all.
— Ash Menon (@ashvinmenon) May 26, 2021
Still stupid, but slightly less stupid. https://t.co/jp2BNeBXN6
Also possibly causing errors in vaksincovid.gov.my is its application programming interface (API), said Ashvin.
To understand API, Ashvin explained it as such: “As an analogy, think of it like renewing your passport. You go to the counter at the Immigration Department, fill up a form with the required information and documents, and get your passport.
“You can’t go into the government’s databases directly or access their passport printer directly, right? So, the counter is the interface that you interact with.”
In relation to the AstraZeneca vaccine registration website, the API that possibly “malfunctioned” was the one that requests the list of vaccination centres in a particular state.
When the user fills up the vaccination form online and clicks on the state, the API is supposed to return the user a list of vaccination centres.
“High traffic volume is probably the reason it died, but if so, this is rather poor planning for two reasons.
“First, the API is protected with Cloudflare, which is capable of handling really high traffic if it knows to expect it. Secondly, it actually didn't even need CloudFlare, in my opinion. Because this API was just about getting the list of vaccination centres, it’s relatively static information.”
In his Twitter thread examining the matter, Ashvin had also tagged Cloudflare CEO Matthew Prince, requesting that Cloudflare help JKJAV as it was a “national medical emergency”.
Prince then responded, saying: “Happy to. Please have them reach out,” after which Ashvin then tagged JKJAV, Khairy Jamaluddin and Tan Sri Dr Noor Hisham Abdullah in a reply requesting action.
No wonder. Their API got swarmed.@Cloudflare please work with @JKJAVMY on this, this is a national medical emergency and they clearly need the technical help.https://t.co/vvA7BSewPj pic.twitter.com/mmRtuoXc61
— Ash Menon (@ashvinmenon) May 26, 2021
Ashvin is a freelance web developer. – The Vibes, May 26, 2021
.jpg)
.jpg)
.jpeg)
